-
Notifications
You must be signed in to change notification settings - Fork 109
Add support for missing events (fix indexedDB, etc) #629
Conversation
namespace { | ||
|
||
const uint32_t kRenderFilteredMessageClasses[] = { | ||
ChromeMsgStart, NetworkHintsMsgStart, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we only need ChromeMsgStart
because we are not handling any NetworkHintsMsg_*
messages
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed!
const base::string16& name, | ||
const base::string16& display_name, | ||
bool* allowed) { | ||
*allowed = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these need to check cookie content settings or they will bypass blocking
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also OnAllowDOMStorage
, OnRequestFileSystemAccess
and OnAllowIndexedDB
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed!
DCHECK_CURRENTLY_ON(BrowserThread::IO); | ||
|
||
Send(new ChromeViewMsg_RequestFileSystemAccessAsyncResponse( | ||
render_frame_id, request_id, true)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cc @diracdeltas - this doesn't seem like the right thing to do here. There is a permission in Chrome for this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed this code
DCHECK_CURRENTLY_ON(BrowserThread::IO); | ||
|
||
|
||
ChromeViewHostMsg_RequestFileSystemAccessSync::WriteReplyParams(reply_msg, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also cc @diracdeltas same as below sync response
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed this as I don't believe we need it
const GURL& top_origin_url, | ||
const base::string16& name, | ||
bool* allowed) { | ||
*allowed = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should also check cookie content settings
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
i don't understand this code very well but agree it generally needs to respect cookie blocking content settings. the setting for cookie blocking should be applied to all types of persistent local storage (including FileSystem API, indexdb, and DOM storage). you can find a test for this in browser-laptop test/fixtures/cookies.html |
Thanks for the review feedback- looking at this now... |
Ready for re-review! I added a test plan and also removed the |
const base::string16& display_name, | ||
bool* allowed) { | ||
*allowed = | ||
cookie_settings_->IsCookieAccessAllowed(origin_url, top_origin_url); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this should be using the HostContentSettingsMap. We don't use Chrome's CookieSettingsFactory or IsCookieAccessAllowed
. HostContentSettingsMapFactory::GetForProfile(profile_)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same for all checks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can update the code - but it does work as-is. Once I fetch the HostContentSettingsMap, what would I check?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ContentSetting GetContentSetting(
const GURL& primary_url,
const GURL& secondary_url,
ContentSettingsType content_type,
const std::string& resource_identifier) const;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see comments
ready for re-re-review edit: SQUASHED! |
- AllowDatabase - AllowDOMStorage - AllowIndexedDB *Includes fixes from review feedback* Fixes brave/browser-laptop#12463 Fixes brave/browser-laptop#14475 Possibly addresses brave/browser-laptop#10685
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
++
bool BraveRenderMessageFilter::OnMessageReceived(const IPC::Message& message) { | ||
bool handled = true; | ||
IPC_BEGIN_MESSAGE_MAP(BraveRenderMessageFilter, message) | ||
IPC_MESSAGE_HANDLER(ChromeViewHostMsg_AllowDatabase, OnAllowDatabase) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there's also an async version of these messages
Add support for missing events (fix indexedDB, etc)
Test plan
IndexedDB / AllowDatabase testing
Cookie Control
shields are set toBlock 3rd Party Cookies
Run @ WebWorker
buttonCookie Control
shields setting toBlock all cookies
Run @ WebWorker
buttonlocal storage testing
Cookie Control
shields are set toBlock 3rd Party Cookies
Choose background color
drop downCookie Control
shields setting toBlock all cookies
Choose background color
twitch.tv testing
Details
Add support for missing events:
Fixes brave/browser-laptop#12463
Fixes brave/browser-laptop#14475
Possibly addresses brave/browser-laptop#10685
Auditors: @darkdh, @bridiver